#1  
Old 11th December 2007, 06:04
vibrancy vibrancy is offline
Junior Member
 
Join Date: Jul 2007
Posts: 26
Thanks: 3
Thanked 0 Times in 0 Posts
Default Firewall Won't Open up!

I have been searching around for this problem, and have found other issues related but never a real solution...

I have opened ports 8085 and 3724 within the firewall and restarted the firewall, yet when my app tries to connect it can't - I have tried it with the ports just being TCP, and TCP/UDP yet still nada - I know it is the ISPConfig firewall because as soon as I turn the firewall off, it connects fine, then I turn the firewall back on, and I can't connect anymore!!

Why won't the firewall open those ports? Any help would be greatly appreciated!!

Thanks!
Reply With Quote
Sponsored Links
  #2  
Old 11th December 2007, 09:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,037
Thanks: 841
Thanked 5,656 Times in 4,464 Posts
Default

Please post the output of:

iptables -L
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th December 2007, 17:44
vibrancy vibrancy is offline
Junior Member
 
Join Date: Jul 2007
Posts: 26
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     0    --  anywhere             anywhere
PUB_IN     0    --  anywhere             anywhere
PUB_IN     0    --  anywhere             anywhere
PUB_IN     0    --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    0    --  anywhere             anywhere
PUB_OUT    0    --  anywhere             anywhere
PUB_OUT    0    --  anywhere             anywhere
PUB_OUT    0    --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere

Chain PAROLE (10 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:81
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8085
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3724
DROP       icmp --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
Reply With Quote
  #4  
Old 11th December 2007, 17:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,037
Thanks: 841
Thanked 5,656 Times in 4,464 Posts
Default

As you see in the output, both ports are opened for udp. If you application needs them for tcp too, you should add them as tcp ports too.

Code:
ACCEPT     udp  --  anywhere             anywhere            udp dpt:8085
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3724
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 11th December 2007, 21:39
vibrancy vibrancy is offline
Junior Member
 
Join Date: Jul 2007
Posts: 26
Thanks: 3
Thanked 0 Times in 0 Posts
Default

I did add them from within ISPConfig - wonder why it did not fix it in the iptables? When I open up the firewall in ispconfig - here is what I have...

Code:
  Name  	  Port  	  Type  	  Active 
  FTP  	  21  	  tcp  	  yes 
  SSH  	  22  	  tcp  	  yes 
  SMTP  	  25  	  tcp  	  yes 
  DNS  	  53  	  tcp  	  yes 
  DNS  	  53  	  udp  	  yes 
  WWW  	  80  	  tcp  	  yes 
  ISPConfig  	  81  	  tcp  	  yes 
  POP3  	  110  	  tcp  	  yes 
  SSL (www)  	  443  	  tcp  	  yes 
  Webmin  	  10000  	  tcp  	  yes 
  phpMyadmin  	  3306  	  tcp  	  yes 
  Worldd  	  8085  	  tcp  	  yes 
  Realmd  	  3724  	  tcp  	  yes 
  WorlddU  	  8085  	  udp  	  yes 
  RealmdU  	  3724  	  udp  	  yes
Reply With Quote
  #6  
Old 12th December 2007, 03:02
vibrancy vibrancy is offline
Junior Member
 
Join Date: Jul 2007
Posts: 26
Thanks: 3
Thanked 0 Times in 0 Posts
Default

ok I got it fixed, but had to manually edit:

/etc/Bastille/bastille-firewall.cfg

and

/root/ispconfig/isp/conf/bastille-firewall.cfg.master

I don't know why when I would add the TCP rule for those ports it would not update in that file, but this seems to have fixed it, everything works fine now.

Thanks for the help
Reply With Quote
  #7  
Old 12th December 2007, 10:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,037
Thanks: 841
Thanked 5,656 Times in 4,464 Posts
Default

The last time I tested it, it worked on my server. I will add this to the bugtracker for further testing.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
vibrancy (12th December 2007)
  #8  
Old 31st January 2008, 02:34
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
 
Default

I've just tested it. It's working fine for me - I can't reproduce the problem...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig Instalations problems ggarcia24 Installation/Configuration 12 13th November 2007 01:07
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! qvindesland Installation/Configuration 22 21st May 2007 17:05
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 14:29
open ports rayit General 6 18th January 2006 15:23
Problem opening firewall port weedguy General 15 12th August 2005 02:05


All times are GMT +2. The time now is 15:00.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.